
Help my pc is out of control with pop ups and redirects

malware redirects pop ups

  • This topic is locked

#16
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

What about the fix in post #10? Can you run that? You said you ran it but it was taking 2 hours or more. What did you eventually do? Perhaps we could shorten the fix and take a smaller amount at a time....

Thanks
Joe :

I have a lot of patience with this stuff so not to worry, I also understand this stuff is totally confusing at times.....


#17
Brenda50


    Member

  • Topic Starter
  • 30 posts

Hi Joe

 

Finally the FRST completed. Here is the log. Hope it is the right one.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Brenda at 2014-10-18 00:44:46 Run:6
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONstart
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff [Not Found]
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
CHR HKLM-x32\...\Chrome\Extension: [ianbobkeplelligeejgeljdfdgljcnjl] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ch\VideoPlayerV3beta1213.crx []
CHR HKLM-x32\...\Chrome\Extension: [iebkideapflccachklgbeinjhfeigamo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ch\MediaBuzzV1mode3344.crx []
CHR HKLM-x32\...\Chrome\Extension: [mpkodcagkabdilcecgmpjjlbajkjfajb] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ch\RichMediaViewV1release7142.crx []
CHR HKLM-x32\...\Chrome\Extension: [plhgnpoeaalmacnhdejkkleickcjfofa] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ch\TrustMediaViewerV1alpha2867.crx []
CHR HKLM-x32\...\Chrome\Extension: [gdnhodjhmdahknapajgfmhlghadbnpik] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ch\WebexpEnhancedV1alpha42.crx []
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-10-10 13:17 - 2014-10-10 13:17 - 00004368 _____ () C:\WINDOWS\System32\Tasks\CYHPK
2014-10-10 13:16 - 2014-10-10 13:16 - 00004364 _____ () C:\WINDOWS\System32\Tasks\OQERG
2014-10-10 13:18 - 2014-10-10 13:18 - 00003858 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-10-10 13:18 - 2014-10-10 13:18 - 00003622 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
C:\Users\Brenda\AppData\Local\Temp\aexyfw5y.dll
C:\Users\Brenda\AppData\Local\Temp\bs.exe
C:\Users\Brenda\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Brenda\AppData\Local\Temp\drv54905.exe
C:\Users\Brenda\AppData\Local\Temp\ezndksyq.dll
C:\Users\Brenda\AppData\Local\Temp\HD_Quality_US_setup.exe
C:\Users\Brenda\AppData\Local\Temp\kbouiafk.dll
C:\Users\Brenda\AppData\Local\Temp\Launcher.exe
C:\Users\Brenda\AppData\Local\Temp\optprosetup.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SAS6_Update.exe
C:\Users\Brenda\AppData\Local\Temp\setup_399.exe
C:\Users\Brenda\AppData\Local\Temp\SHelp2.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\urz19io0.dll
C:\Users\Brenda\AppData\Local\Temp\xxecndju.dll
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
Task: {1DD6CEDC-D88E-41CB-B4BE-FB511BF9186E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {58A86AB7-2BB3-4AE9-800E-545F288C1F72} - System32\Tasks\OQERG => C:\Users\Brenda\AppData\Roaming\OQERG.exe <==== ATTENTION
S2 Update Krab Web; "C:\Program Files (x86)\Krab Web\updateKrabWeb.exe" [X]
C:\Program Files (x86)\Krab Web\updateKrabWeb.exe[X]
EmptyTemp:
reboot:
end
*****************

"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value not found.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => Value not found.
C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff not found.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff not found.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff not found.
C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@popularscreensavers.com/Plugin" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ianbobkeplelligeejgeljdfdgljcnjl" => Key not found.
"C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ch\VideoPlayerV3beta1213.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iebkideapflccachklgbeinjhfeigamo" => Key not found.
"C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ch\MediaBuzzV1mode3344.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpkodcagkabdilcecgmpjjlbajkjfajb" => Key not found.
"C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ch\RichMediaViewV1release7142.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plhgnpoeaalmacnhdejkkleickcjfofa" => Key not found.
"C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ch\TrustMediaViewerV1alpha2867.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdnhodjhmdahknapajgfmhlghadbnpik" => Key not found.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ch\WebexpEnhancedV1alpha42.crx" => File/Directory not found.
"C:\Program Files (x86)\Setup Support for Consumer Input" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\CYHPK" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\OQERG" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore" => File/Directory not found.
"C:\Program Files (x86)\Setup Support for Consumer Input" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\aexyfw5y.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\bs.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\ConsumerInputSetup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\drv54905.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\ezndksyq.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\HD_Quality_US_setup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\kbouiafk.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\Launcher.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\SAS6_Update.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\setup_399.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\SHelp2.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\urz19io0.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\xxecndju.dll" => File/Directory not found.
"HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DD6CEDC-D88E-41CB-B4BE-FB511BF9186E}" => Key not found.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58A86AB7-2BB3-4AE9-800E-545F288C1F72}" => Key not found.
C:\Windows\System32\Tasks\OQERG not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OQERG" => Key not found.
Update Krab Web => Service not found.
"C:\Program Files (x86)\Krab Web\updateKrabWeb.exe[X]" => File/Directory not found.
EmptyTemp: => Removed 801.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====EmptyTemp: => Removed 924 MB temporary data.

==== End of Fixlog ====

 

Thanks for your patience and help

Brenda



#18
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
You did the fix correctly, but....


I don't like the way it looks. More importantly, I made an error in the fix script in post #10, so I'm wondering if that error may have caused the fix to not run correctly. In any event, I'd like you to run it again when you get a moment. Post the fix log again.

Thanks
Joe :)

#19
Brenda50


    Member

  • Topic Starter
  • 30 posts

Hi Joe

 

I ran the FRST fix again and it only took a few seconds. Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Brenda at 2014-10-19 16:45:29 Run:7
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
start
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff [Not Found]
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
CHR HKLM-x32\...\Chrome\Extension: [ianbobkeplelligeejgeljdfdgljcnjl] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ch\VideoPlayerV3beta1213.crx []
CHR HKLM-x32\...\Chrome\Extension: [iebkideapflccachklgbeinjhfeigamo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ch\MediaBuzzV1mode3344.crx []
CHR HKLM-x32\...\Chrome\Extension: [mpkodcagkabdilcecgmpjjlbajkjfajb] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ch\RichMediaViewV1release7142.crx []
CHR HKLM-x32\...\Chrome\Extension: [plhgnpoeaalmacnhdejkkleickcjfofa] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ch\TrustMediaViewerV1alpha2867.crx []
CHR HKLM-x32\...\Chrome\Extension: [gdnhodjhmdahknapajgfmhlghadbnpik] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ch\WebexpEnhancedV1alpha42.crx []
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-10-10 13:17 - 2014-10-10 13:17 - 00004368 _____ () C:\WINDOWS\System32\Tasks\CYHPK
2014-10-10 13:16 - 2014-10-10 13:16 - 00004364 _____ () C:\WINDOWS\System32\Tasks\OQERG
2014-10-10 13:18 - 2014-10-10 13:18 - 00003858 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-10-10 13:18 - 2014-10-10 13:18 - 00003622 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
C:\Users\Brenda\AppData\Local\Temp\aexyfw5y.dll
C:\Users\Brenda\AppData\Local\Temp\bs.exe
C:\Users\Brenda\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Brenda\AppData\Local\Temp\drv54905.exe
C:\Users\Brenda\AppData\Local\Temp\ezndksyq.dll
C:\Users\Brenda\AppData\Local\Temp\HD_Quality_US_setup.exe
C:\Users\Brenda\AppData\Local\Temp\kbouiafk.dll
C:\Users\Brenda\AppData\Local\Temp\Launcher.exe
C:\Users\Brenda\AppData\Local\Temp\optprosetup.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SAS6_Update.exe
C:\Users\Brenda\AppData\Local\Temp\setup_399.exe
C:\Users\Brenda\AppData\Local\Temp\SHelp2.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\urz19io0.dll
C:\Users\Brenda\AppData\Local\Temp\xxecndju.dll
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
Task: {1DD6CEDC-D88E-41CB-B4BE-FB511BF9186E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {58A86AB7-2BB3-4AE9-800E-545F288C1F72} - System32\Tasks\OQERG => C:\Users\Brenda\AppData\Roaming\OQERG.exe <==== ATTENTION
S2 Update Krab Web; "C:\Program Files (x86)\Krab Web\updateKrabWeb.exe" [X]
C:\Program Files (x86)\Krab Web\updateKrabWeb.exe[X]
EmptyTemp:
reboot:
end
*****************

"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value not found.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => Value not found.
C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff not found.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff not found.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff not found.
C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@popularscreensavers.com/Plugin" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ianbobkeplelligeejgeljdfdgljcnjl" => Key not found.
"C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ch\VideoPlayerV3beta1213.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iebkideapflccachklgbeinjhfeigamo" => Key not found.
"C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ch\MediaBuzzV1mode3344.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpkodcagkabdilcecgmpjjlbajkjfajb" => Key not found.
"C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ch\RichMediaViewV1release7142.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plhgnpoeaalmacnhdejkkleickcjfofa" => Key not found.
"C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ch\TrustMediaViewerV1alpha2867.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdnhodjhmdahknapajgfmhlghadbnpik" => Key not found.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ch\WebexpEnhancedV1alpha42.crx" => File/Directory not found.
"C:\Program Files (x86)\Setup Support for Consumer Input" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\CYHPK" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\OQERG" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore" => File/Directory not found.
"C:\Program Files (x86)\Setup Support for Consumer Input" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\aexyfw5y.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\bs.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\ConsumerInputSetup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\drv54905.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\ezndksyq.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\HD_Quality_US_setup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\kbouiafk.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\Launcher.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\SAS6_Update.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\setup_399.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\SHelp2.exe" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\urz19io0.dll" => File/Directory not found.
"C:\Users\Brenda\AppData\Local\Temp\xxecndju.dll" => File/Directory not found.
"HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DD6CEDC-D88E-41CB-B4BE-FB511BF9186E}" => Key not found.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58A86AB7-2BB3-4AE9-800E-545F288C1F72}" => Key not found.
C:\Windows\System32\Tasks\OQERG not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OQERG" => Key not found.
Update Krab Web => Service not found.
"C:\Program Files (x86)\Krab Web\updateKrabWeb.exe[X]" => File/Directory not found.
EmptyTemp: => Removed 280.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
start
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff [Not Found]
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
CHR HKLM-x32\...\Chrome\Extension: [ianbobkeplelligeejgeljdfdgljcnjl] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ch\VideoPlayerV3beta1213.crx []
CHR HKLM-x32\...\Chrome\Extension: [iebkideapflccachklgbeinjhfeigamo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ch\MediaBuzzV1mode3344.crx []
CHR HKLM-x32\...\Chrome\Extension: [mpkodcagkabdilcecgmpjjlbajkjfajb] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ch\RichMediaViewV1release7142.crx []
CHR HKLM-x32\...\Chrome\Extension: [plhgnpoeaalmacnhdejkkleickcjfofa] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ch\TrustMediaViewerV1alpha2867.crx []
CHR HKLM-x32\...\Chrome\Extension: [gdnhodjhmdahknapajgfmhlghadbnpik] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ch\WebexpEnhancedV1alpha42.crx []
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-10-10 13:17 - 2014-10-10 13:17 - 00004368 _____ () C:\WINDOWS\System32\Tasks\CYHPK
2014-10-10 13:16 - 2014-10-10 13:16 - 00004364 _____ () C:\WINDOWS\System32\Tasks\OQERG
2014-10-10 13:18 - 2014-10-10 13:18 - 00003858 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-10-10 13:18 - 2014-10-10 13:18 - 00003622 _____ () C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
C:\Users\Brenda\AppData\Local\Temp\aexyfw5y.dll
C:\Users\Brenda\AppData\Local\Temp\bs.exe
C:\Users\Brenda\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Brenda\AppData\Local\Temp\drv54905.exe
C:\Users\Brenda\AppData\Local\Temp\ezndksyq.dll
C:\Users\Brenda\AppData\Local\Temp\HD_Quality_US_setup.exe
C:\Users\Brenda\AppData\Local\Temp\kbouiafk.dll
C:\Users\Brenda\AppData\Local\Temp\Launcher.exe
C:\Users\Brenda\AppData\Local\Temp\optprosetup.exe
C:\Users\Brenda\AppData\Local\Temp\Quarantine.exe
C:\Users\Brenda\AppData\Local\Temp\SAS6_Update.exe
C:\Users\Brenda\AppData\Local\Temp\setup_399.exe
C:\Users\Brenda\AppData\Local\Temp\SHelp2.exe
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
C:\Users\Brenda\AppData\Local\Temp\urz19io0.dll
C:\Users\Brenda\AppData\Local\Temp\xxecndju.dll
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
Task: {1DD6CEDC-D88E-41CB-B4BE-FB511BF9186E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {58A86AB7-2BB3-4AE9-800E-545F288C1F72} - System32\Tasks\OQERG => C:\Users\Brenda\AppData\Roaming\OQERG.exe <==== ATTENTION
S2 Update Krab Web; "C:\Program Files (x86)\Krab Web\updateKrabWeb.exe" [X]
C:\Program Files (x86)\Krab Web\updateKrabWeb.exe[X]
EmptyTemp:
reboot:
end

 

I'm not sure which log is which so I posted both

 

Thanks

Brenda



#20
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please post a new FRST log and Additions.txt log.

To do that:

Right-click on the FRST icon on the desktop, choose "Run as administrator", place a check mark in the Additions.txt box at the bottom, then click Scan. Post the new logs for me:
  • FRST.TXT
  • Additions.txt


#21
Brenda50


    Member

  • Topic Starter
  • 30 posts

Hi Joe,

 

Here are the new scans

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Brenda (administrator) on BRENDAPC on 21-10-2014 12:29:32
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2564139484-152270176-2040777850-1001\...\Run: [Google Update] => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-10] (Google Inc.)
HKU\S-1-5-21-2564139484-152270176-2040777850-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2564139484-152270176-2040777850-1001\...\Run: [GoogleChromeAutoLaunch_F3F1F347082F96D0DBAEC2249C80F4F1] => C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {8241E8F1-A9EE-4F50-8FF2-97657CCCABB8} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {8241E8F1-A9EE-4F50-8FF2-97657CCCABB8} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKCU - {8241E8F1-A9EE-4F50-8FF2-97657CCCABB8} URL = http://www.bing.com/...E10TR&pc=MDDCJS
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha42\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta1213\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha485\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha221\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1935\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9027\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home831\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode3344\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7142\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2867\ff [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Extension) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-13] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-13] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 12:29 - 2014-10-21 12:30 - 00015879 _____ () C:\Users\Brenda\Desktop\FRST.txt
2014-10-21 12:21 - 2014-10-21 12:21 - 00000000 ___RD () C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-19 16:43 - 2014-10-19 16:44 - 00004437 _____ () C:\Users\Brenda\Desktop\Fix.txt
2014-10-17 20:22 - 2014-10-17 20:22 - 00056832 ___SH () C:\Users\Brenda\Downloads\Thumbs.db
2014-10-17 19:16 - 2014-10-21 12:28 - 00000000 ____D () C:\Users\Brenda\Desktop\FRST-OlderVersion
2014-10-16 00:17 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-16 00:17 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-16 00:17 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-16 00:17 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-16 00:17 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-16 00:17 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-16 00:17 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-16 00:17 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-16 00:17 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-16 00:17 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-16 00:17 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-16 00:17 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-16 00:17 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-16 00:17 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-16 00:17 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-16 00:17 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-16 00:17 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-16 00:17 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-16 00:17 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-16 00:17 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-16 00:16 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-16 00:16 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-16 00:16 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-16 00:16 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-16 00:16 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-16 00:16 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-16 00:16 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-16 00:16 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-16 00:16 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-16 00:16 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-16 00:16 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-16 00:16 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-16 00:16 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-16 00:16 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-16 00:16 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-16 00:16 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-16 00:16 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-16 00:16 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-16 00:16 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-16 00:16 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-16 00:16 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-16 00:16 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-16 00:16 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-16 00:16 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-16 00:16 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-16 00:16 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-16 00:16 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-16 00:16 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-16 00:16 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-16 00:16 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-16 00:16 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-16 00:16 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-16 00:15 - 2014-10-09 18:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-16 00:15 - 2014-10-08 18:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-16 00:15 - 2014-09-18 21:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-16 00:15 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-16 00:15 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-16 00:15 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-16 00:15 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-16 00:15 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-16 00:15 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-16 00:15 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-16 00:15 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-16 00:15 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-16 00:15 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-16 00:15 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-16 00:15 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-16 00:15 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-16 00:15 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-16 00:15 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-16 00:15 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-16 00:15 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-16 00:15 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-16 00:15 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-16 00:15 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-16 00:15 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-16 00:15 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-16 00:15 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-16 00:15 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-16 00:15 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 00:15 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-16 00:15 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-16 00:15 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-16 00:15 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 00:15 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-16 00:15 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-16 00:15 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-16 00:15 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-16 00:15 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-16 00:15 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-16 00:15 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-16 00:15 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-16 00:15 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-16 00:15 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-16 00:15 - 2014-07-31 19:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-14 21:06 - 2014-10-14 21:07 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Skype
2014-10-14 21:06 - 2014-10-14 21:06 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-14 21:06 - 2014-10-14 21:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-14 21:06 - 2014-10-14 21:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-14 21:06 - 2014-10-14 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-14 21:04 - 2014-10-14 21:04 - 00000000 ____D () C:\Users\Brenda\Tracing
2014-10-14 20:57 - 2014-10-14 20:57 - 00001476 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-10-14 20:57 - 2014-10-14 20:57 - 00001323 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-10-14 20:57 - 2014-10-14 20:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-14 20:57 - 2014-10-14 20:57 - 00000000 ____D () C:\WINDOWS\en
2014-10-14 20:56 - 2014-10-14 20:56 - 00000000 ____D () C:\Program Files\Windows Live
2014-10-14 20:51 - 2014-10-14 20:51 - 01239752 _____ (Microsoft Corporation) C:\Users\Brenda\Downloads\wlsetup-web.exe
2014-10-13 22:39 - 2014-10-13 22:39 - 00004435 _____ () C:\Users\Brenda\Downloads\fixlist.txt
2014-10-13 22:35 - 2014-10-13 22:36 - 00034601 _____ () C:\Users\Brenda\Downloads\Addition.txt
2014-10-13 22:34 - 2014-10-13 22:36 - 00053664 _____ () C:\Users\Brenda\Downloads\FRST.txt
2014-10-13 22:31 - 2014-10-21 12:28 - 02110976 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2014-10-13 21:01 - 2014-10-21 12:29 - 00000000 ____D () C:\FRST
2014-10-13 19:03 - 2014-10-13 19:03 - 00001232 _____ () C:\Users\Brenda\Documents\malware.xml
2014-10-13 18:58 - 2014-10-13 18:58 - 00001046 _____ () C:\malware.txt
2014-10-12 15:16 - 2014-10-12 15:16 - 01976320 _____ () C:\Users\Brenda\Downloads\adwcleaner_4.000 (1).exe
2014-10-12 15:15 - 2014-10-12 15:15 - 01976320 _____ () C:\Users\Brenda\Downloads\adwcleaner_4.000.exe
2014-10-12 14:36 - 2014-10-12 14:36 - 00119284 _____ () C:\Users\Brenda\Downloads\OTL3.Txt
2014-10-12 13:22 - 2014-10-12 13:22 - 00001940 _____ () C:\Users\Brenda\Desktop\JRT.txt
2014-10-12 13:20 - 2014-10-12 13:20 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-12 13:18 - 2014-10-12 13:18 - 01705755 _____ (Thisisu) C:\Users\Brenda\Downloads\JRT.exe
2014-10-12 13:02 - 2014-10-12 16:20 - 00000000 ____D () C:\AdwCleaner
2014-10-12 13:01 - 2014-10-12 13:01 - 01976320 _____ () C:\Users\Brenda\Downloads\AdwCleaner.exe
2014-10-12 12:39 - 2014-10-12 12:39 - 00117814 _____ () C:\Users\Brenda\Downloads\OTL2.Txt
2014-10-12 11:34 - 2014-10-12 11:34 - 00000000 ____D () C:\_OTL
2014-10-12 01:09 - 2014-10-12 01:09 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-12 01:06 - 2014-10-12 01:22 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-12 01:06 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Brenda\AppData\Local\MFAData
2014-10-12 01:06 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Brenda\AppData\Local\Avg2015
2014-10-12 01:05 - 2014-10-12 01:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-12 00:58 - 2014-10-12 00:58 - 04579176 _____ (AVG Technologies) C:\Users\Brenda\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-12 00:55 - 2014-10-12 00:55 - 00055664 _____ (Premium Installer ) C:\Users\Brenda\Downloads\Ad-Aware.exe
2014-10-11 19:31 - 2014-10-11 19:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-11 18:24 - 2014-10-11 18:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Brenda\Downloads\tdsskiller.exe
2014-10-10 13:18 - 2014-10-10 13:18 - 00003274 _____ () C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-2564139484-152270176-2040777850-1001
2014-10-10 13:18 - 2014-10-10 13:18 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Compete
2014-10-06 22:31 - 2014-10-06 22:31 - 01173968 _____ (ArcadeYum) C:\Users\Brenda\Downloads\ArcadeYumGames.exe
2014-09-30 18:01 - 2014-09-30 18:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 12:26 - 2013-02-18 19:49 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2564139484-152270176-2040777850-1001
2014-10-21 12:25 - 2013-01-26 21:24 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-21 12:21 - 2013-03-10 11:27 - 00002485 _____ () C:\Users\Brenda\Desktop\Google Chrome.lnk
2014-10-21 12:20 - 2014-08-12 23:17 - 00000000 __RDO () C:\Users\Brenda\OneDrive
2014-10-21 11:20 - 2014-08-12 22:57 - 01154305 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-21 11:17 - 2013-03-10 11:27 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001UA.job
2014-10-21 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-21 09:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-21 08:35 - 2013-11-14 21:31 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F86F089A-20FB-4CE9-B888-5287C503C187}
2014-10-20 07:17 - 2013-03-10 11:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001Core.job
2014-10-19 16:51 - 2014-03-18 06:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-19 16:47 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-19 16:46 - 2014-03-18 05:54 - 00195986 _____ () C:\WINDOWS\PFRO.log
2014-10-19 16:46 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-16 17:40 - 2013-04-29 19:17 - 00000000 ____D () C:\Program Files (x86)\SUPERAntiSpyware
2014-10-16 16:27 - 2014-03-01 21:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-16 14:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-16 07:46 - 2014-08-22 22:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-16 07:45 - 2013-08-22 10:44 - 00492000 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 02:47 - 2014-07-10 09:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-16 02:47 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-16 02:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 02:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-16 02:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-16 02:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-16 01:22 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-14 21:06 - 2013-01-26 21:27 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-14 21:04 - 2014-08-12 22:36 - 00000000 ____D () C:\Users\Brenda
2014-10-14 20:58 - 2013-03-14 19:14 - 00000000 ____D () C:\Users\Brenda\AppData\Local\Windows Live
2014-10-14 20:57 - 2013-01-26 21:27 - 00001392 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-10-14 20:56 - 2013-01-26 21:26 - 00011192 _____ () C:\WINDOWS\DirectX.log
2014-10-13 22:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-13 18:52 - 2014-08-04 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 16:05 - 2012-07-26 01:26 - 00000226 _____ () C:\WINDOWS\win.ini
2014-10-12 14:35 - 2014-08-04 19:52 - 00119284 _____ () C:\Users\Brenda\Downloads\OTL.Txt
2014-10-12 13:11 - 2014-09-18 00:08 - 00001114 _____ () C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-12 13:11 - 2014-09-18 00:08 - 00001084 _____ () C:\Users\Brenda\Desktop\Search.lnk
2014-10-11 20:21 - 2013-02-18 19:39 - 00000000 ____D () C:\Users\Brenda\AppData\Local\Packages
2014-10-11 19:29 - 2014-08-04 19:55 - 00207190 _____ () C:\Users\Brenda\Desktop\OTL.Txt
2014-10-10 21:16 - 2014-08-26 12:33 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-05 22:43 - 2013-08-22 10:46 - 00289033 _____ () C:\WINDOWS\setupact.log
2014-09-30 17:46 - 2013-06-26 12:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 02:42 - 2014-08-25 21:33 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-19 19:35

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Brenda at 2014-10-21 12:31:08
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
americanfallsss1.exe (HKLM\...\americanfallsss1_folder) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
Beaches2012.scr (HKLM\...\Beaches2012_folder) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CWA Reminder by We-Care.com v4.1.22.3 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.3 - We-Care.com)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Buzz (HKLM-x32\...\MediaBuzzV1mode3344) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Player (HKLM-x32\...\MediaPlayerV1alpha485) (Version: 1.1 - Media Player) <==== ATTENTION
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PopularScreensavers Toolbar and Software (HKLM-x32\...\PopularScreensavers_7ibar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar (HKLM-x32\...\{C64BEB42-B25D-4674-BB55-4099CB720110}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{6f8946c3-3891-4254-b198-25b9c5482e15}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1014 - SUPERAntiSpyware.com)
The Blu 2.0 (HKLM-x32\...\{BC8C6974-CECD-40E4-9553-287C555DE93A}_is1) (Version:  - Wemo Media Inc.)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - WebAppTech Coding, LLC) <==== ATTENTION
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2564139484-152270176-2040777850-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brenda\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

24-09-2014 03:03:27 Windows Update
12-10-2014 00:10:46 Scheduled Checkpoint
15-10-2014 00:54:25 Windows Live Essentials
15-10-2014 00:55:32 Installed DirectX
16-10-2014 06:39:07 Windows Defender Checkpoint
19-10-2014 12:12:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D52689E-40CA-4ED7-B0F2-1F2F7F543BD0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B4600B8-A5D7-47FD-ABB7-A813A87C5834} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-20] (Synaptics Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {46C3BF98-C8CA-4A09-8842-BF977E0E31FA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5AD37204-F780-407A-9B62-C99FBB3BA1AC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5EFD183F-56FE-4E17-8D5A-84AFE5353CDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001UA => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {797626AF-8EC6-4E7B-811D-87DA6D2FBBCE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B0C48B0C-AF64-48F3-AEF4-60E35D25C751} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B1244550-1DCE-4693-A8B1-1F44D0BFE049} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001Core => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {B5B70AFC-CF29-40D7-A676-8A4AE0CE4032} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-14] (Microsoft Corporation)
Task: {BACEDC5F-A09D-4A45-A450-599DEE4D58AC} - System32\Tasks\CIMT_S-1-5-21-2564139484-152270176-2040777850-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {BC915396-F911-440D-869F-6152A524777D} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C83E1518-B7B0-40DA-B597-95BB851BF5E9} - \CYHPK No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E1355356-6CFB-4FAE-B949-A2243235209F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001Core.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2564139484-152270176-2040777850-1001UA.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-01-26 21:19 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-28 14:39 - 2012-12-28 14:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 14:36 - 2012-12-28 14:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 14:41 - 2012-12-28 14:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-01-26 20:05 - 2012-09-20 20:40 - 04875576 _____ () C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
2012-12-28 14:42 - 2012-12-28 14:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 14:11 - 2014-10-17 14:11 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2013-01-26 21:10 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-01-26 21:18 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Brenda\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03342137.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03342137.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKCU\...\StartupApproved\Run: => "Optimizer Pro"

========================= Accounts: ==========================

Administrator (S-1-5-21-2564139484-152270176-2040777850-500 - Administrator - Disabled)
Brenda (S-1-5-21-2564139484-152270176-2040777850-1001 - Administrator - Enabled) => C:\Users\Brenda
Guest (S-1-5-21-2564139484-152270176-2040777850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2564139484-152270176-2040777850-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 09:30:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47951890

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47951890

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 02:46:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3524

Start Time: 01cfec5824fe9cf9

Termination Time: 156

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 7357f2a3-5889-11e4-befb-34238732788c

Faulting package full name:

Faulting package-relative application ID:

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25806969

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25806969

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 07:39:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/19/2014 04:47:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x75c
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

System errors:
=============
Error: (10/21/2014 00:21:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/21/2014 08:34:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/20/2014 06:28:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - October 2014 (KB890830).

Error: (10/20/2014 07:16:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/19/2014 04:53:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/19/2014 04:49:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/19/2014 04:47:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/19/2014 04:36:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/19/2014 11:44:00 AM) (Source: DCOM) (EventID: 10010) (User: BRENDAPC)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (10/19/2014 09:10:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.

Microsoft Office Sessions:
=========================
Error: (10/21/2014 09:30:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47951890

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47951890

Error: (10/21/2014 08:31:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 02:46:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344352401cfec5824fe9cf9156C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE7357f2a3-5889-11e4-befb-34238732788c

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25806969

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25806969

Error: (10/20/2014 07:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 07:39:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/19/2014 04:47:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a75c01cfebdde69dd22fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe2d6e8603-57d1-11e4-befb-34238732788c

CodeIntegrity Errors:
===================================
  Date: 2014-10-19 19:37:38.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:38.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:38.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:37.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:37.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:37.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:37.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:36.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:36.497
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 19:37:35.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2127U @ 1.90GHz
Percentage of memory in use: 41%
Total physical RAM: 3977.27 MB
Available physical RAM: 2317.61 MB
Total Pagefile: 6153.27 MB
Available Pagefile: 3432.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.9 GB) (Free:352.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: A5E300A5)

Partition: GPT Partition Type.

==================== End Of Log ============================

Hope I got it right this time

Thanks

Brenda

  • 0

#22
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Another fix for you.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
Task: {BC915396-F911-440D-869F-6152A524777D} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C83E1518-B7B0-40DA-B597-95BB851BF5E9} - \CYHPK No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\...\StartupApproved\Run: => "Optimizer Pro"

end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.


Post the Fixlog.txt that gets saved to the desktop after the fix has run.

How is the computer?

Thanks
Joe :)
  • 0

#23
Brenda50

Brenda50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi Joe

Here is the log of the last fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Brenda at 2014-10-23 09:21:32 Run:8
Running from C:\Users\Brenda\Desktop
Loaded Profile: Brenda (Available profiles: Brenda)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {BC915396-F911-440D-869F-6152A524777D} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C83E1518-B7B0-40DA-B597-95BB851BF5E9} - \CYHPK No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\...\StartupApproved\Run: => "Optimizer Pro"

end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC915396-F911-440D-869F-6152A524777D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC915396-F911-440D-869F-6152A524777D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C83E1518-B7B0-40DA-B597-95BB851BF5E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C83E1518-B7B0-40DA-B597-95BB851BF5E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CYHPK" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\...\StartupApproved\Run: => "Optimizer Pro" => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Thanks

Brenda


  • 0

#24
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
What issues remain, Brenda?

Joe
  • 0

#25
Brenda50

Brenda50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi Joe

There don't seem to be any more issues right now. PC seems to be running OK. What would you recommend I do to further protect my PC? Thanks for your time and patience.

Sincerely

Brenda


  • 0



#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Let's remove our tools and clean up first, then some tips for you.

Clean up
Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
      • Remove disinfection tools
      • Purge system restore
      • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.

No need to post the log report from that.


Tips


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)




  • 0

#27
Brenda50

Brenda50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi Joe

Thank you so much for your help. It is running great now. I have followed the recommendations on Security Garden. Thanks again.

Sincerely

Brenda


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome,

Nice working with you, I'll close the topic now.

Joe

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





